Software Releases
Current Release - Release Notes ECA

These Release Notes cover the Superna Eyeglass ECA deployed with Superna Eyeglass Ransomware Defender and Superna Eyeglass Easy Auditor and Superna Eyeglass Performance Auditor

What’s New in Superna Eyeglass Easy Auditor Edition and Ransomware Defender Edition

Release 2.5.7

What’s New! In Superna Eyeglass Easy Auditor Edition and Ransomware Defender Edition Release 2.5.7 can be found here.

Supported OneFS releases












Supported Eyeglass releases

Superna Eyeglass ECA Version

Superna Eyeglass Version



End of Life Notifications

End of Life Notifications for all products are available here.

Issues Fixed in this Release

New in

NEW - ECA OVF released with configuration files for 1, 3, 6 node deployments on the OpenSUSE 15.3 operating system. All other feature and functionality equivalent to

New in

NEW Health Checks

  • T17074 Check for issues with the NFS mount used to read the Powerscale audit logs and execute a remount if issue is found.
  • T18095 Check for stuck processing in containers responsible for real time analysis and writing audit events to the hdfs database and if found restart containers (fastanaylsis and evtarchive)
  • T18218 Check for condition where ECA nodes have been powered off without executing cluster down first leaving ECA in non functional state and if found execute a cluster down/up sequence to gracefully stop and start ECA services and containers.

NEW Disk Space Management

  • T19123 Turboaudit logs retrieved for rollover processing stored in separate partition with quota
  • T19691 Zookeeper ramdisk management interval changed to from 1 hour to 15 minutes

NEW Alarm Management

  • T19212 ECA Node Inactive timeout increased to 15 minutes in order to be considered inactive and generate alarm to reduce intermittent false positive notifications.

NEW Security

  • T7965 User and password now required to login to management GUI for ECA services: hbase-master, hbase-rs, spark-master, spark-worker, spark-history, kafkahq. Use default user ecaadmin and password set during upgrade to
  • T19158 New iptable rules which allow communication on all ports between ECA nodes, within ECA containers themselves and to Eyeglass but all other traffic is limited to port 443 required to use ECA services management GUIs and port 22 for ssh.

NEW Default Settings

  • T19109 Turboaudit default event processing rate increased to 30,000

Fixed in 2.5.7-21096

T19467 ECA logs missing from backup on new OVA deployment

ECA OVA missing symbolic link resulted in longs not being included in a backup.

Resolution: OVA symbolic link is now present.

Fixed in 2.5.7-21081/21068

No changes in 2.5.7. Refer to Release 2.5.6 - Release Notes ECA for latest changes

Technical Advisories

Technical Advisories for all products are available here.

Known Issues


T8309 ecactl cluster up may continue despite hbase errors

In some cases the "ecactl cluster up" command may continue when it encounters hbase errors. 

Workaround: Please open a support case for assistance with hbase errors.


T7367  Issues when ecactl cluster up interrupted

Interrupting "ecactl cluster up" before it has completed may result in misconfigured references for ECA nodes. This can result in ECA components starting on incorrect ECA node or may prevent ECA components from coming up at all.

Resolution: Please open a support case for assistance. 


T13247 ECA fails to retrieve audit events from all PowerScales if one PowerScale is unreachable via autonfs

When multiple PowerScale clusters are being monitored, an unreachable PowerScale cluster may block ECA turboaudit component from retrieving events from the reachable PowerScale cluster(s).

Workaround: Contact to assist in recovering from this condition.


Known Limitations


T8228 ECA Alarms not cleared automatically

ECA related alarms that appear in the Eyeglass Alarms window will not be cleared automatically. 

Workaround: Alarms must be manually cleared. Open the Alarms window on the Eyeglass web interface and select the Clear link for the alarm that you would like to clear.


T15457 HTML 5 vmware vcenter bug on OVA deployment

 Some versions of vmware vcenter HTML user interface have a known issue with OVA properties being read correctly post power on, leading to first boot issues.

Workaround: use the Flash client as a work around.


T17103 ECA version intermittently reported incorrectly

At times the ECA nodes report an incorrect version resulting in the RSW0010 alarm that ECA node version does not correspond to eyeglass version. This is an intermittent condition that clears itself without any action and does not impact ECA functionality.


© Superna LLC